Office of Information Security Newsletter

Protecting yourself on the Internet

There are thousands of versions of fake antivirus software and rogue applications, but all work on the foundation of misleadingly informing users their computer has been infected with malware (viruses, spyware). The programs then hassle and coerce users to purchase the software, which often looks genuine and legal but has no real functionality. Their end game is to assault your data and compromise your machine.

Users are normally asked if they want to clean their machine, which causes the fake software to download. Fake antivirus programs usually spread by social engineering methods rather than by exploiting software vulnerabilities on the victim's computer, according to Google. What does this mean? It’s all in the hands of the end user and set computer. If you can cut them off at the pass, their fake antivirus software will be ineffective and you will have prevailed in this information security battle for this day.

Google conducted a 13-month study reviewing some 240 million web pages. The company determined that 11,000 of those domains were involved in deploying fake antivirus programs and that those kinds of program comprise 15 percent of the malicious software on the web. 15 percent might not sound like much, but trust us that is a whole lot of bad software roaming out there on the internet. The study can be found here for those who want more information on this topic.

The scammers behind the fake antivirus programs normally use online advertisements using popular keywords, although Google claims it filters those advertised URLs (websites) to delete the malicious ones. Google will blacklist or cancel those domains to warn people, but those creating fake antivirus programs change the domains hosting their malicious software faster than ever to evade the block list.

According to Google, a domain hosting fake antivirus software used to serve up the content for up to 100 hours in April 2009, but that figure fell to less than 10 hours in September 2009 and then to less than one hour in January.

The reason why these fake antivirus programs are so hard to find and take down is because of an increased level of "polymorphism," a technique used to make an application look unique and evade malware scanners.

Examples of fake antivirus programs are as follows:

WINFIXER

WinAntivirus

DriveCleaner

ErrorSafe

XP Antivirus

Bottom line, if you see any weird popup asking you install anything, stop and consult with the IT Help Desk or the Office of Information Security before taking any action and possibly compromising your machine. Conventional legal antivirus products and malware scanners are always the best to make this determination, but even sometimes that might not be enough.

Do not hesitate to ask any questions. Only you can stop fake antivirus programs and rogue applications dead in their tracks.

The University of Texas at Brownsville website uses Javascript.
Your browser either doesn't support Javascript or you have it turned
off.
To access this page as it is meant to function please use a Javascript
enabled browser.